The FBI has sounded the alarm over the mass spread of Badbox 2.0, a sophisticated piece of malware that has already infected over one million Android devices globally.
The warning focuses on the massive financial and security risk associated with the resurrected botnet, which seems to have returned to life following previous interdiction attempts by international law enforcement.
Badbox 2.0 is a variant of the original Badbox, which was discovered last year. The malware comes preinstalled on all sorts of cheap, unbranded Android smartphones, smart TVs, streaming boxes, smart speakers, tablets and other IoT devices.
The worrying part? Some devices from reputable brands, such as Hisense and Yandex, have been found to be infected as well. Most of the infected machines are in countries such as India, Russia, China, Brazil, Ukraine and Belarus.
The primary goal of the Badbox 2.0 botnet is to generate revenue through ad fraud and credential theft. The malware makes money for the crooks by clicking on ads behind users' backs and by attempting to steal account credentials.
It also uses infected devices as proxies that relay the operators' traffic, so that malicious activity traced back to its source ends at a victim's connection rather than at the criminals' own infrastructure.
Symptoms include overheating, poor performance such as high CPU usage, and unexpected settings changes, notably installation from untrusted app marketplaces being switched on and Google Play Protect being disabled. Streaming devices marketed as "fully loaded" or as offering free content may also ship with the malware already installed.
Though German authorities dismantled the original Badbox botnet last year, Badbox 2.0 has proven highly resilient and versatile, spreading through compromised hardware supply chains and dodgy apps downloaded from unofficial third-party app stores. The affected devices run builds derived from the Android Open Source Project (AOSP), are not Play Protect certified, and do not ship the Google Play Store or Google Play services, so Play Protect never runs on them.
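A quick way to check a suspect box for the indicators described above is to attach it over adb and look at what it ships and how it is configured. The script below is an added example for this article, not FBI tooling: it checks whether the Google Play Store and Play services packages are present (their absence means the build is not Play Protect certified and Play Protect cannot run), whether the legacy global "unknown sources" switch is on, and lists user-installed apps for manual review. The package names, the adb commands and the settings key are real; the sample device dump, package names such as com.example.freemovies and the warning wording are constructed for the example.

```shell
#!/bin/sh
# Added triage helper for Badbox-style indicators (not the FBI's tooling).
# With a device attached it collects data live via adb; otherwise it runs
# against the constructed sample below so it can be read and run offline.

# assess_dump PKGS SETTINGS -> findings to stderr, count of findings to stdout.
# PKGS:     output of `adb shell pm list packages -f` (path=package lines)
# SETTINGS: "namespace/key=value" lines built from `adb shell settings get`
assess_dump() {
  pkgs="$1"; settings="$2"; n=0
  # A Play Protect certified build ships the Play Store and Play services;
  # Play Protect itself lives in Play services, so an AOSP box without
  # these packages has no Play Protect at all.
  for p in com.android.vending com.google.android.gms; do
    if ! grep -q "=$p\$" "$pkgs"; then
      echo "WARN missing $p: not a Play Protect certified device" >&2
      n=$((n + 1))
    fi
  done
  # Legacy global "unknown sources" switch (Android 7 and earlier). On
  # Android 8+ the key reads null and the permission is granted per app
  # (appops REQUEST_INSTALL_PACKAGES), which this simple check does not cover.
  if grep -q '^secure/install_non_market_apps=1$' "$settings"; then
    echo "WARN installs from unknown sources enabled globally" >&2
    n=$((n + 1))
  fi
  # User-installed packages live under /data/app; list them for a manual look
  # (sideloaded "free content" apps end up here). Listed, not counted.
  grep '^package:/data/app/' "$pkgs" | sed 's/.*=/REVIEW user-installed: /' >&2
  echo "$n"
}

# collect_live PKGS SETTINGS: fill both files from the attached device.
collect_live() {
  adb shell pm list packages -f | tr -d '\r' > "$1"
  printf 'secure/install_non_market_apps=%s\n' \
    "$(adb shell settings get secure install_non_market_apps | tr -d '\r')" > "$2"
}

# write_sample PKGS SETTINGS: constructed dump of a cheap AOSP streaming box
# with no Google packages, unknown sources switched on, and one sideloaded app.
write_sample() {
  cat > "$1" <<'EOF'
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/TVLauncher/TVLauncher.apk=com.example.tvlauncher
package:/data/app/com.example.freemovies-1/base.apk=com.example.freemovies
EOF
  cat > "$2" <<'EOF'
secure/install_non_market_apps=1
EOF
}

main() {
  pk=$(mktemp); st=$(mktemp)
  if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    collect_live "$pk" "$st"
  else
    write_sample "$pk" "$st"
  fi
  echo "findings: $(assess_dump "$pk" "$st")"
  rm -f "$pk" "$st"
}

main "$@"
```

A non-zero finding count does not prove infection; it only confirms the device is outside the Play Protect ecosystem and configured the way the notice warns about. Treat it as a reason to look harder at the preinstalled system apps and the device's outbound network traffic.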
The FBI advises prospective buyers to be extra cautious when buying Android devices, notably unbranded or too-cheap-to-be-true ones. Play Protect-certified devices should be a priority for consumers, who should download only from official app stores.
If you notice suspicious activity, disconnect the device from your network and perform a factory reset. Bear in mind that a reset only restores the device's own system image: if the malware was preinstalled in the firmware, it will still be there afterwards, and the only safe option is to stop using the device. The FBI also recommends reporting possible victimization to its Internet Crime Complaint Center (IC3) at www.ic3.gov.